Smart Grid Technology Implicates New Privacy Concerns

The smart grid is an advanced metering infrastructure made up of “smart meters” capable of recording detailed and near-real time data on consumer electricity usage. That data would then be sent to utilities through a wireless communications network. In recent years, utilities have increased the pace of smart meter deployment—smart meters are expected to be on 65 million homes by 2015. A smart grid could deliver electricity more efficiently and would enable consumers to track and adjust their energy usage in real time through a home display. But these new capabilities also implicate new privacy concerns.

While conventional meters only measure a consumer’s total electricity usage, smart meters record detailed electricity usage as often as once every 15 seconds, and the resulting usage profiles make it possible to identify which appliances a consumer is using at a particular time. Additionally, proprietary business information might be revealed through energy consumption data of non-residential customers. As the smart meter technology develops and the usage data grows, the data could become valuable to third parties, creating a new market for energy usage data.

The new data-collection capabilities of a smart grid have caught the attention of privacy advocates and the government. To date, California is the only state with laws directly applicable to data tracked by smart meters. Investor-owned utilities in California are prohibited from selling usage data for any purpose and from sharing the usage data without the customer’s consent. In Michigan, utilities are deploying smart meters while the Michigan Public Service Commission simultaneously conducts an investigation into the health, cost, and privacy implications of smart meters. The Commission plans to develop appropriate recommendations by July 2012.

Application of federal privacy laws to the smart grid is still an open question, but regulatory efforts will likely increase as deployment of smart grid technology continues. The first legal battleground is in the Fourth Amendment context. A complaint filed in the Northern District of Illinois late last year alleges a city’s smart meter installation program violates citizens’ Fourth Amendment right to privacy and freedom from unreasonable searches. The case is ongoing and likely will not be decided for some time, but it will be the first decision by a court on the privacy implications of the smart grid.

While there are no federal statutes or regulations directly applicable to smart grid technologies, the National Institute of Standards and Technology, the Department of Energy, and the Congressional Research Service, have each issued reports on the smart grid. The reports note that some existing federal statutes may apply to smart grid privacy issues. If transmitting electric usage data over the smart grid constitutes electronic communications, the Electronic Communications Privacy Act would limit government interception of the communications. Similarly, the Stored Communications Act would prohibit unauthorized persons from accessing stored electronic communications. Finally, the Computer Fraud and Abuse Act might apply to prohibit the unauthorized access of computerized information used in interstate commerce.

The federal reports also note that the FTC likely has jurisdiction over investor-owned utilities and could bring enforcement actions for deceptive acts and unfair practices, which include failure to comply with the utility’s own privacy policy and failure to safeguard data from well-known technology threats.

Finaly, the federal reports detail some guidelines that utilities should keep in mind as they deploy smart grid technology:

Appoint personnel responsible for data security and privacy.

Regularly audit privacy procedures.

Establish procedures for law enforcement data requests.

Provide notice to consumers in advance of collection and use of energy use data.

Aggregate and anonymize data in a way that personal information or activities cannot be determined.

Keep personal information only as long as necessary to accomplish the purpose for which it was collected.

Stacy H. Barrow is an Associate in the Labor & Employment Law Department and a member of the Employee Benefits, Executive Compensation and ERISA Litigation Practice Center and the Health Care Reform Task Force, resident in the Boston office.

Ellen Moskowitz is a senior counsel in the Health Care Department. She provides a broad range of regulatory, corporate and transactional services to the health industry, social services clients and charitable organizations, such as academic medical centers, health clinics, health plans, pharmaceutical companies and not-for-profit organizations.